Displaying 19 results from an estimated 19 matches for "client_alive_interval".
2014 Jul 06
15
[Bug 2252] New: RekeyLimit breaks ClientAlive
...not be sent, ever!
Problem seems to be:
serverloop.c:
wait_until_can_do_something(...)
max_time_milliseconds is set to the remaining time to a rekey.
client_alive_scheduled never gets set, as max_time_milliseconds!=0:
if (compat20 &&
max_time_milliseconds == 0 && options.client_alive_interval) {
client_alive_scheduled = 1;
max_time_milliseconds =
(u_int64_t)options.client_alive_interval * 1000;
}
The if clause might need changed to something like this:
if (compat20 &&
max_time_milliseconds > ((u_int64_t)options.client_alive_interval *
1000) &&
o...
2013 Nov 12
7
[Bug 2170] New: Potential integer overflow
...Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: loganaden at gmail.com
Created attachment 2373
--> https://bugzilla.mindrot.org/attachment.cgi?id=2373&action=edit
potential_overflow_fix
in serverloop.c:
max_time_milliseconds = options.client_alive_interval * 1000;
client_alive_interval is declare as int.
int client_alive_interval; /*
* poke the client this often
to
* see if it's still there
max_time_milliseconds is declared as u_int64_t.
Can this po...
2016 Jun 02
2
MaxDisplays configuration option
...tions->max_authtries = DEFAULT_AUTH_FAIL_MAX;
if (options->max_sessions == -1)
options->max_sessions = DEFAULT_SESSIONS_MAX;
+ if (options->max_displays == -1)
+ options->max_displays = MAX_DISPLAYS;
if (options->use_dns == -1)
options->use_dns = 0;
if (options->client_alive_interval == -1)
@@ -429,7 +432,7 @@
sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
sStreamLocalBindMask, sStreamLocalBindUnlink,
- sAllowStreamLocalForwarding, sFingerprintHash,
+ sAllowStreamLocalForwarding, sFingerprintHash, sMaxDisplays,...
2006 Apr 22
2
bug & patch in ServerAliveInterval (openssh 4.3-p2)
Hi openssh-unix-dev subscribers :)
I have found that ServerAliveInterval & ServerAliveCountMax have
some bug. Basically the ssh-alive check function (that verify the
peer is alive) is called only if no data at all gets into ssh (when it
should work only for server channel).I am pretty sure developers know
about this ..anyway I have tried to fix this issue. Here is the patch:
diff -rNu
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2
2002 Jan 23
0
[PATCH] Add multiple AuthorizedKeyFiles options
...===============================================
RCS file: /cvs/openssh/servconf.c,v
retrieving revision 1.74
diff -u -r1.74 servconf.c
--- servconf.c 22 Jan 2002 12:35:12 -0000 1.74
+++ servconf.c 23 Jan 2002 11:11:29 -0000
@@ -107,8 +107,7 @@
options->reverse_mapping_check = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
- options->authorized_keys_file = NULL;
- options->authorized_keys_file2 = NULL;
+ options->num_authorized_keys_files = 0;
}
void
@@ -223,15 +222,11 @@
options->client_alive_interval = 0;
if (options->client_alive_count_max ==...
2001 Nov 12
4
Please test -current
Could people please test -current? We will be making a release fairly
soon.
-d
--
| By convention there is color, \\ Damien Miller <djm at mindrot.org>
| By convention sweetness, By convention bitterness, \\ www.mindrot.org
| But in reality there are atoms and space - Democritus (c. 400 BCE)
2001 Aug 16
4
Idletimeout patch
...iginal author of PAM support of SSH
Juergen Keil <jk at tools.de> - scp bugfixing
diff -ru openssh-2.9p2.orig/servconf.c openssh-2.9p2/servconf.c
--- openssh-2.9p2.orig/servconf.c Wed Apr 25 15:44:15 2001
+++ openssh-2.9p2/servconf.c Wed Aug 15 22:10:23 2001
@@ -102,6 +102,7 @@
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
options->pam_authentication_via_kbd_int = -1;
+ options->idletimeout = -1;
}
void
@@ -210,6 +211,8 @@
options->client_alive_count_max = 3;
if (options->pam_authentication_via_kbd_int == -1)
options->pam_authentication_via...
2001 Aug 03
1
Disconnecting: protocol error: rcvd type 98
When I SSH using protocol 1 from a Debian box running OpenSSH 2.9p2-4
to a sparc.sunos5 box running vanilla OpenSSH 2.9.1, after a little
while (of inactivity?) I get the following message on the client
terminal:
Disconnecting: protocol error: rcvd type 98
Looking further, this message is actually caused by the SSH daemon.
However, I'm at a loss to determine why sshd is doing this.
I attach
2001 Aug 20
1
Idletimeout patch, third attempt
...t, fd_set *exceptset,
+ int max_time_milliseconds);
+
+
#endif /* PACKET_H */
diff -ru openssh-2.9p2.orig/servconf.c openssh-2.9p2/servconf.c
--- openssh-2.9p2.orig/servconf.c Wed Apr 25 15:44:15 2001
+++ openssh-2.9p2/servconf.c Wed Aug 15 22:10:23 2001
@@ -102,6 +102,7 @@
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
options->pam_authentication_via_kbd_int = -1;
+ options->idletimeout = -1;
}
void
@@ -210,6 +211,8 @@
options->client_alive_count_max = 3;
if (options->pam_authentication_via_kbd_int == -1)
options->pam_authentication_via...
2001 Nov 20
3
problem with AFS token forwarding
Hello,
I came across an interoperability problem in OpenSSH 3.0p1 and 3.0.1p1
concerning the AFS token forwarding. That means that the new versions are
not able to exchange AFS tokens (and Kerberos TGTs) with older OpenSSH
releases (including 2.9p2) and with the old SSH 1.2.2x. In my opinion this
problem already existed in Openssh 2.9.9p1, but I have never used this
version (I only looked at the
2001 Oct 16
1
Defeating Timing Attacks Patch for OpenSSH 2.9.9p2 and 2.9p2
...by setting the client_alive_scheduled flag.
@@ -183,11 +217,11 @@
* this could be randomized somewhat to make traffic
* analysis more difficult, but we're not doing it yet.
*/
- if (compat20 &&
- max_time_milliseconds == 0 && options.client_alive_interval)
{
- client_alive_scheduled = 1;
+ if (max_time_milliseconds == 0 && options.client_alive_interval)
{
+ client_alive_scheduled = 1;
max_time_milliseconds = options.client_alive_interval *
1000;
- }
+ } else
+ clien...
2002 Jan 29
2
Key fingerprint logging
...cceptable");
packet_done();
diff -u5 openssh-3.0.2p1.orig/servconf.c openssh-3.0.2p1/servconf.c
--- openssh-3.0.2p1.orig/servconf.c Tue Nov 13 14:03:15 2001
+++ openssh-3.0.2p1/servconf.c Tue Jan 29 14:23:41 2002
@@ -107,10 +107,11 @@
options->reverse_mapping_check = -1;
options->client_alive_interval = -1;
options->client_alive_count_max = -1;
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
+ options->log_key_fingerprint = -1;
}
void
fill_default_server_options(ServerOptions *options)
{
@@ -227,10 +228,12 @@
else
options->authorized...
2001 Oct 06
1
Defeating Timing Attacks
Hello,
In response to the timing analysis attacks presented by Dawn Song et.
al. in her paper http://paris.cs.berkeley.edu/~dawnsong/ssh-timing.html
we
at Silicon Defense developed a patch for openssh to avoid such
measures.
Timing Analysis Evasion changes were developed by C. Jason Coit and Roel
Jonkman of Silicon Defense.
These changes cause SSH to send packets unless request not to,
2007 Mar 14
1
sshd gets stuck: select() in packet_read_seqnr waits indefinitely
Dear OpenSSH Portable sshd developers,
I'm having a problem where sshd login sessions are occasionally
(as often as once a day) getting stuck indefinitely. I enabled debug
messages and got a backtrace of a stuck sshd, and I think I've found
the bug. I wanted to run it by the list once before filing.
sshd version:
OpenSSH_4.2p1 FreeBSD-20050903, OpenSSL 0.9.7e-p1 25 Oct 2004
2001 Nov 09
4
keystroke timing attack
I'm reading this fine article on O'Reilly:
http://linux.oreillynet.com/lpt/a//linux/2001/11/08/ssh_keystroke.html
<quote>
The paper concludes that the keystroke timing data observable from
today's SSH implementations reveals a dangerously significant amount of
information about user terminal sessions--enough to locate typed
passwords in the session data stream and reduce the
2014 Feb 10
0
[PATCH] Basic SCTP support for OpenSSH client and server
..._via_sctp;
+ goto parse_flag;
+#endif
+
case sAddressFamily:
intptr = &options->address_family;
multistate_ptr = multistate_addressfamily;
@@ -1974,6 +2003,9 @@ dump_config(ServerOptions *o)
dump_cfg_int(sMaxSessions, o->max_sessions);
dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
+#ifdef USE_SCTP
+ dump_cfg_int(sListenViaSCTP, o->listen_via_sctp);
+#endif
/* formatted integer arguments */
dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
diff --git a/servconf.h b/servconf.h
index 752d1c...
2017 Jun 16
2
[PATCH] allow relative path in streamlocal forwarding
...ot;,
+ options.fwd_opts.streamlocal_bind_root_directory);
+ if (st.st_uid != authctxt->pw->pw_uid || (st.st_mode & 077) != 0)
+ fatal("Bad ownership or modes for directory %s",
+ options.fwd_opts.streamlocal_bind_root_directory);
+ }
+
packet_set_timeout(options.client_alive_interval,
options.client_alive_count_max);
diff --git a/sshd_config.5 b/sshd_config.5
index 7b4cb1d..0f1cf3f 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -1368,6 +1368,11 @@ or
.Cm no .
The default is
.Cm no .
+.It Cm StreamLocalBindRootDirectory
+Specifies the root directory where a Unix-do...
2001 Oct 10
7
OpenSSH solaris: bad return code after exec of remote command
Hi OpenSSH developers,
I am using openSSH (now 2.9.9p2, but prob occurs in 2.9p2 also) to execute
commands on a remote machine which outputs data to stdout then pipes it to
another invocation of ssh which connects back to the first machine in the same
way, where it starts a program to read and store the output from the command on
the second machine. I am using the "command" option in